Slashdot Mirror
SSD Drives Vulnerable To Rowhammer-Like Attacks That Corrupt User Data (bleepingcomputer.com)
An anonymous reader writes: NAND flash memory chips, the building blocks of solid-state drives (SSDs), include what could be called "programming vulnerabilities" that can be exploited to alter stored data or shorten the SSD's lifespan. According to research published earlier this year, the programming logic powering of MLC NAND flash memory chips (the tech used for the latest generation of SSDs), is vulnerable to at least two types of attacks.
The first is called "program interference," and takes place when an attacker manages to write data with a certain pattern to a target's SSD. Writing this data repeatedly and at high speeds causes errors in the SSD, which then corrupts data stored on nearby cells. This attack is similar to the infamous Rowhammer attack on RAM chips.
The second attack is called "read disturb" and in this scenario, an attacker's exploit code causes the SSD to perform a large number of read operations in a very short time, which causes a phenomenon of "read disturb errors," that alters the SSD ability to read data from nearby cells, even long after the attack stops.
The first is called "program interference," and takes place when an attacker manages to write data with a certain pattern to a target's SSD. Writing this data repeatedly and at high speeds causes errors in the SSD, which then corrupts data stored on nearby cells. This attack is similar to the infamous Rowhammer attack on RAM chips.
The second attack is called "read disturb" and in this scenario, an attacker's exploit code causes the SSD to perform a large number of read operations in a very short time, which causes a phenomenon of "read disturb errors," that alters the SSD ability to read data from nearby cells, even long after the attack stops.
Let me guess. You hate the "experts" and the "elites"? Let's "tear it all down"? A hop and a skip from Trumpnik thinking, and look how that's going.
Because, you jackass, the discovery of flaws is what allows continuous improvements to be made. I mean, let's NOT find ways to make cars safer by readily exploring all opportunities to keep children safe in the event of a car crash. Let's NOT fund avionics to improve QOL where air flight is concerned. Let's NOT safeguard data to keep sensitive information that our enemies can use to dismantle our way of life our of their hands.
Why don't you tell us what you do that's "useful" on a day-to-day basis. And make it a good one, because it's gotta be something that benefits society as a whole.
What with you being so elite and all.
Such as waiting for state-sponsored cybercriminals or intelligence agencies to discovery these things first, or someone to unintentionally trip them with a programming error?
...I don't think it has much real-world worry. If you're running an intentionally malicious program on your computer, you've got far worse problems. A SSD is one device. A single credit card number is worth thousands of dollars to you and possibly dozens of hours of your valuable time to fix.
I do wonder, is there such an equivalent vulnerability in platter drives? Writing rapidly to the inside and outside of the platter so the heads scream back and forth over and over? (Kind of like the bad old days of exceeding your RAM and thrashing everything to a page file as your heads go CLICK CLICK CLICK CLICK.)
Come to think of it, I wonder if you could VARY the read/write speed of a hard drive by changing your write patterns. So if you can get the heads to swing at a certain frequency, you could start a resonant oscillation of the heads which, if tuned right, would cause a complete mechanical failure.
Because of this comment, you should not be allowed to benefit from SSD drives that aren't vulnerable to these attacks. Maybe a bit would be flipped in your bank account balance, or at least a critical part of your computer's partition table.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Like post worthless shit on Slashdot?
I do wonder, is there such an equivalent vulnerability in platter drives? Writing rapidly to the inside and outside of the platter so the heads scream back and forth over and over?
The heads already scream back and forth on normal operation. If you create write patterns that increase head moves, I do not expect to see something else that trashed I/O performances.
TFA is not very detailed, it seems the journalist had a hard time explaining what the scientists did. Anyone has a better link?
We used to do that ON PURPOSE. It's wasn't mechanical failure, it was an undocumented feature. http://www.catb.org/~esr/jargo...
...I don't think it has much real-world worry. If you're running an intentionally malicious program on your computer, you've got far worse problems. A SSD is one device. A single credit card number is worth thousands of dollars to you and possibly dozens of hours of your valuable time to fix.
Assuming you got access to anything valuable with the process you're running as. The point of rowhammer was that you could flip bits in other processes, Imagine for example if you have found an exploit in the web server but all it has access to is public files but you could flip the permission bits on /etc/passwd to be world readable that would be a pretty big exploit. If you can use a "harmless" service running as a non-privileged user to create a denial-of-service attack, that surely has some value too.
Live today, because you never know what tomorrow brings
I don't think that has a realistic chance of working -- filesystems tend to write file contents in difficult to predict geographical locations.
I think what would be more realistic is using this as a hypervisor escape.
Even then, I'm curious how this attack is supposed to work now that most SSDs use wear leveling.
That's a real garbage answer.
“Common sense is not so common.” — Voltaire
In this case there isn't really any way to improve them. Read and write disturbs are a well-known phenomenon that can't be solved at the physical level. That's why bits stored in flash are distributed in space and time, with both the hardware and the flash controllers acting to minimise the problems due to disturbs. My guess is that these guys reverse-engineered the mechanisms used for one particular flash technology and figured out the access patterns needed to induce disturbs.
The workaround would be to use a different random seed for access-pattern randomisation on each device, so you can't leverage information obtained for one device to attack all other devices in that class.
In other news SSDs are susceptible to actual hammers as well, no work around has been found.
There is no real world practical worry for this.
This hack relies on the ability to rewrite specific pages in NAND flash. In fact, the attack is well known in NAND flash - read and write disturbs are documented issues with NAND flash since the beginning. Every NAND flash datasheet mentions how you can and cannot program it in order to minimize the probability of disturbs. It's why NAND flash has the "spare area" - because even following the recommendations (always program from page 0 through consecutive pages, never skip around and always program full pages at a time) you will encounter a disturb event eventually.
Now, this requires raw NAND access. But practically all flash memory your PC uses is managed. The SSD has a controller on it sitting between the SATA or PCIe bus and the raw NAND flash. Even memory cards are managed - CompactFlash, SD/MMC, Memory Stick are managed. Only the xD and SmartMedia actually are raw NAND (the controller is in the interface) formatted in special ways.
And managed memory means you can't access the raw media because the management controller is doing its very best to mitigate flash memory drawbacks (like limited program-erase cycles) and problems (like read/write disturbs) by using such fancy technology as wear-levelling. This way even if you write to the same sector always, it's actually walking around the physical media so no part of the actual flash chip is getting more worn out than the others.
And modern SSDs have so much state in them that knowing where your write actually goes in the physical storage array is impossible to know - you need to know the exact state of the array including the states of all the pages (good data, dirty data, ready to be erased, etc). because when it comes time to garbage collect and all that, all the previous state is important as it influences the new state. (And all this contributes to write amplification - where writing N bytes actually causes N+M bytes to be written because of flash management).
I'm not impressed with the findings, since I read all about them in a Toshiba (inventor of NAND flash) application note over a decade ago. It's exactly what Toshiba said would happen and why you need to follow the rules (which every managed controller does).
To be more impressed, they need to demonstrate the results using every day SSDs instead of special test and development boards that let them abuse the raw NAND.
...I don't think it has much real-world worry. If you're running an intentionally malicious program on your computer, you've got far worse problems. A SSD is one device. A single credit card number is worth thousands of dollars to you and possibly dozens of hours of your valuable time to fix.
What if you're running a virtual instance on a cloud platform, and somebody else is running another virtual instance on the same platform, sharing the same physical memory and SSD ?
Ok tim for my daily rant Can we stop calling them ssd drives, kt is redundant as SSD means "Solid State Drive", so saying SSD Drive would be like saying "solid state drive drive", would anyone do that? Just asking
Why don't you tell us what you do that's "useful" on a day-to-day basis. And make it a good one, because it's gotta be something that benefits society as a whole.
His endless trolling provides lulz to Slashdot users the world over.
The link summarizes a paper presented 4 months ago in the HPCA'17 conference in Austin, why is this "news" now?
Then this attack would be impossible obviously. You need direct access to the hardware in order to control the bit pattern. In the scenario you are talking about you are using a filesystem to write data, and one of several kernels as well. Your reads and writes are cached by the OS and you have no control over the order of your reads and writes and the reads and writes of the other virtual machines. Your memory writes, while they appear to be at linear ranges you specify, are virtual. That's why it is called virtualization. You are never sharing the same memory. If you were running things they way you think, you could crash your instance and every other instance on the system with a simple C program run as root that dereferences a "properly" initialized pointer, or writes to a location of "interest" such as the stack of the disk drive interrupt routine. Virtual machines would be crashing left and right because the other guy was malicious, or more likely, incompetent.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Storage access is mediated on so many levels that even vendors have a hard time identifying whether even relatively simple performance problems are the result of an application, the application subsystem (databases), the operating system, the network system, the storage system, the storage fabric or the computer system.
I don't see how it would ever be possible to exploit this, especially when the flash vendors are aware of it and the closest software levels of the hardware are deliberately written in ways to inhibit it.
No, no. It's the Department of Redundancy Department. Sheesh!
"Writing this data repeatedly and at high speeds causes errors in the SSD"
Why is this allowed to happen? Why isn't the write speed limited if abusing it can cause errors? How can this be an allowed operation? Since the drive is under complete control of its own firmware, why is this operation allowed to proceed or even take place?
"an attacker's exploit code causes the SSD to perform a large number of read operations in a very short time, which causes a phenomenon of "read disturb errors," that alters the SSD ability to read data from nearby cells, even long after the attack stops"
As above, why is this even allowed to occur?
I'm no expert on SSD functionality, so I'm baffled why the drive would be permitted to do this in the first place. Can someone explain this to me?
Just cruising through this digital world at 33 1/3 rpm...
Indeed. Rowhammer was silent data changes that could be used for attacks. This is very obvious data corruption, and only if the design of the SSD is pretty bad. The whole comparison is pretty stupid.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Not at all. The only thing that can be achieved here is obvious data corruption (i.e. reliably detected by the SSD). Encryption has no impact on that.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
So if you can get the heads to swing at a certain frequency, you could start a resonant oscillation of the heads which, if tuned right, would cause a complete mechanical failure.
Although this would be interesting, just like the SSD exploit, I'm not sure how useful it would really be in the real world. Drives are pretty cheap. Loss of data is the big deal and if you have physical access to the system then randomly writing to the drive or formatting the drive seems like the simplest and easiest way to destroy the data.
So please inform me where I now can purchase all these new shiny SSDs to replace all the 8TB disks that we have in our array cabinets. And that without having to pay more for a single of those new drives than 100 or so of the old ones...
How the fuck does anyone offer NAND storage without error correction? WTF?!
A successful API design takes a mixture of software design and pedagogy.